CISM Certified Information Security Manager – Question0438

The MOST effective way to communicate the level of impact of information security risks on organizational objectives is to present:

A.
business impact analysis (BIA) results.
B. detailed threat analysis results.
C. risk treatment options.
D. a risk heat map.

Correct Answer: D